Cisco: Organizations are unprepared for future ransomware

Organizations are unprepared for future strains of more sophisticated ransomware, a report by Cisco warns.

The networking giant's 2016 Midyear Cybersecurity Report concludes that the next wave of ransomware is expected to be more pervasive and resilient. While current strains typically infect a single computer, future ransomware variants are likely to spread rapidly across networks through vulnerability exploits.

"New modular strains of ransomware will be able to quickly switch tactics to maximize efficiency," Cisco warns. "For example, future ransomware attacks will evade detection by being able to limit CPU usage and refrain from command-and-control actions. These new ransomware strains will spread faster and self-replicate within organizations before coordinating ransom activities."

Malvertising (malicious or malware-tainted ads) is likely to become a more common distribution method for ransomware. Adobe Flash vulnerabilities continue to be one of the top targets for malvertising and exploit kits. In the popular Nuclear exploit kit, Flash accounted for 80 percent of successful exploit attempts.

Cisco also saw a new trend in ransomware attacks exploiting server vulnerabilities, specifically within JBoss servers. Ten percent of internet-connected JBoss servers worldwide were found to be compromised.

While organizations in critical industries such as healthcare have experienced a significant increase in attacks over the past several months, Cisco reports that all vertical markets and global regions are being targeted. Clubs and organizations, charities, non-governmental organizations (NGOs), and electronics businesses all experienced an increase in attacks in the first half of 2016, according to Cisco.

"Fragile infrastructure, poor network hygiene, and slow detection rates are providing ample time and air cover for adversaries to operate," the networking giant warns.

David Kennerley, director of threat research at cybersecurity firm Webroot, said that ransomware is one of the biggest threats facing organizations. "Unfortunately, protecting against ransomware is currently a question of economics," Kennerley notes. "It is often cheaper to pay the ransom to get the data back than the costs of regular back-ups and running the technologies to defend. This is why we have seen companies such as NASCAR team Circle Sport – Leavine Family Racing (CSLFR) paying for data to be recovered.

"No matter how tempting it might be, companies should never concede to the criminal and pay the ransom. It not only fuels the ransomware economy, as criminals see more and more success, but there is absolutely no guarantee that the data will be returned. We have seen instances of malware claiming to encrypt the data, but instead it has been deleted so paying the ransom still did not result in the data's return," he warned.

Laila Khudairi, head of cyber at Lloyd's, added: "The fact that ransomware is set to evolve over the next few years is hardly a surprise. The media regularly reminds us how even some of the biggest organizations can be disrupted by ransom events and clearly more needs to be done to combat this rapidly growing threat. What's more alarming is the fact that many organizations are still unprepared for the impact such events can have on their balance sheet."